little maze of #ifs, all different).

Submitted by: Adam Langley

  debugging code that's seldom used.

Submitted by: Chromium Authors

Multiple copies of the ENGINE will cause problems when it is cleaned up as
the methods are stored in static structures which will be overwritten and
freed up more than once.

Set static methods to NULL when the ENGINE is freed so it can be reloaded.

[from HEAD].

PR: 2858

[from HEAD].

PR: 2838

on path with spaces [from HEAD].

PR: 2835

PR: 2833

Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.

to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)

Make sure tkeylen is initialised properly when encrypting CMS messages.

of digest algorithms, mosty SHA, on Power7. Mystery of century, why SHA,
why slower algorithm are affected more... [from HEAD].
PR: 2794
Submitted by: Ashley Lai

BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)

PR: 2793

PR: 2791
Submitted by: Ben Noordhuis

PR: 2790
Submitted by: Alexei Khlebnikov

PR: 2538

Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).

PR: 2776

Fix memory leaks in 'goto err' cases.

the old code came from SSLeay days before TLS was even supported.